Tammy Thueringer/MEDILL
Ray Trygstad, instructor in Information Technology and Management and IT Director of IIT School of Applied Technology teaches a class in cyber security management, which is about the management and implementation of security policies and programs in an enterprise. Students have the option of attending the class in person or via webcam.
The issue of cybersecurity is no longer limited to fear of cyber attacks. The concern now is the shortage of workers who can keep critical networks and infrastructure secure.
Despite the importance of the job, which includes protecting our data and systems from hackers, data leaks and viruses, there is a growing shortage of people who are willing and able to do it.
Multiple reports show the U.S. government will need thousands of cybersecurity experts in the near future, and that’s just to start.
Earlier this year, a technology survey found the demand for cyber security professionals in the past five years has grown 3.5 times faster than the demand for other IT jobs and about 12 times faster than the demand for all other jobs.
The need for more cybersecurity workers, specifically in government agencies, is increasing every day.
A March report from the Department of Homeland Security found 32 percent of workers are either eligible for retirement or will be within the next three years. It also found nearly 80 percent of those currently working in cybersecurity are 40 or older and just a little more than 5 percent are 30 or younger.
Younger people may not be choosing the career because they don’t know it’s an option. In October, a technology company survey found 82 percent of millennials, those born between the early 1980s and early 2000s, say careers in cybersecurity were never presented.
“It’s just a matter of exposure, it’s a matter of them being aware,” said Ray Trygstad, director of information technology at the Illinois Institute of Technology. “I think any student who gets into it finds it interesting. I have not yet encountered a student who isn’t absolutely fascinated by the subject.”
Students who have a background in computer science or technology and are eventually exposed to cyber forensics or security is one thing, but they are in the minority. The more difficult problem to fix could be students who don’t know what it is or have any interest in it. The same technology survey found less than one-quarter of young adults aged 18 to 26 believe the career is interesting at all.
“Given that we need to add thousands of cybersecurity professionals to the workforce in the coming years, the data shows we have a long way to go in engaging young people in the idea of a career path in cybersecurity,” said Michael Kaiser, executive director of the National Cyber Security Alliance.
“We have to work together to ensure that young people are prepared to use technology safely, securely, ethically and productively and are aware of the interesting and rewarding jobs available protecting the Internet.”
Those who recognize the need aren’t sitting around and waiting for young people to become interested in the industry on their own. Instead, programs like the National Initiative for Cybersecurity Education, which has support from the Education Department and National Science Foundation, are creating curriculum aimed at students as young as kindergarten.
In February, the DHS took to cyberspace, launching the National Initiative for Cybersecurity Careers and Studies, an online resource for cybersecurity career, education and training information.
“Cultivating the next generation of cybersecurity professionals is vital to the Department of Homeland Security in our efforts, with our partners across the government and the private sector, to ensure a safe cyber environment, protect the systems that our nation’s critical infrastructure depend on, and combat cyber crime,” said S.Y. Lee, a DHS official.
The government’s efforts to educate and recruit the next generation of cybersecurity workers is also being integrated into college and universities around the country.
Last year, Northeastern University in Boston became one of a handful of schools designated as a National Center of Academic Excellence in Cyber Operations by the National Security Agency.
Agnes Chan, a Northeastern professor and co-founder of the school’s Institute for Information Assurance, says the partnership allows undergraduate computer science majors to concentrate in the area of cyber operations by taking courses in software vulnerability and network security as well as participate in seminars run by the NSA.
Chan says the program has helped attract students to Northeastern.
“There has been a surge of interest in the computer science program here,” Chan said. “Many of our students will tell us they chose Northeastern because of the cyber operations program.”
Closer to home, the Illinois Institute of Technology offers one of the few cybersecurity degree programs in the state.
Trygstad says education is the long-term solution to the current workforce shortage.
“Its not a stopgap, it’s how we fix it,” Trygstad said. “We just have to produce more graduates who are educated and knowledgeable in the field.”
Trygstad says IIT’s Master of Cyber Forensics and Security is designed to give experienced information technology professionals the necessary knowledge and tools to fill the need for cyber security and forensics workers, investigators and managers.
While Trygstad says a shortage of students is part of the problem, he also says there is a shortage of people who can teach the programs.
“One of the issues of getting programs like this is finding experienced, competent faculty,” Trygstad said. “We were very fortunate that we have people who have tremendous background and experience.”
Too many job titles may also be part of the problem. “Cybersecurity” covers a wide range of job functions, from analysts to hardware technicians.
“There is one class I teach where I go into all the job titles in disaster recovery and business continuity just in the banking industry and there are like 40 job titles,” Trygstad said.
He says the array of job titles helps insure those in the industry don’t get burned out, but Congress says the lack of clearly defined roles cause can confuse those in the field and those thinking about going into it.
But that could change if the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR 3107) passes. The bill would require DHS to classify employees with cybersecurity functions, forecast workforce needs over the next 10 years and form a strategy to recruit, train and retain workers.
Even with defined jobs and titles the government may face an uphill battle. Many officials freely acknowledge the government can’t compete with the private sector when it comes to pay. In the past, a primary advantage of being a government employee was job security, but after recent budget cuts and government shutdowns, that is no longer the case.
Still the pay is far from a deterrent. One recent survey found the average salary of a cyber security professional is $116,000 a year. But not everyone believes money is the main motive when it comes to where to work.
“Government agencies and defense/aerospace firms remain magnets for cyber security professionals,” said Jim Duffy, secretary of technology for the governor of Virginia. “For top talent, cyber security isn’t about just a job and a paycheck. It is about the hottest technology deployed by honorable organizations, for a purpose that is inherently important.”
But luring young people to the industry might have a little to do with money. Chan says if industry and government want fill the need of cybersecurity workers, they should invest more money in the form of scholarships and program funding.
“Anytime money is involved people are interested,” Chan said.
